oma-frontend

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Tooling & Performance" section explicitly instructs a "Shadcn Workflow" (shadcn_search_items_in_registries, shadcn_get_item_examples_from_registries, shadcn_get_add_command_for_items) that searches and reviews items from registries (public third‑party package/registry content) and then uses those results to decide installation/actions, which means the agent fetches and interprets untrusted third‑party content that can influence its next actions.